admingit
/
SH-Deployer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
SH-Deployer/apps/SA-ITOA/README/savedsearches.conf.example

79 lines
2.8 KiB
Raw Permalink Blame History

# This is an example savedsearches.conf. Use this file to configure
# saved searches.
#
# To use one or more of these configurations, copy the configuration block
# into savedsearches.conf in $SPLUNK_HOME/etc/apps/SA-ITOA/local.
# You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
[Test ITSI Reporting Search]
cron_schedule = */5 * * * *
disabled = False
dispatch.earliest_time = -5m
dispatch.latest_time = now
enableSched = True
search = | stats count | eval demo="Demo Search" | fields - count
action.itsi_event_generator = 1
action.itsi_event_generator.param.title = "Host $result.host$ is down"
action.itsi_event_generator.param.description = Test if host $result.host$ is down or not
action.itsi_event_generator.param.owner = admin
action.itsi_event_generator.param.status = 1
action.itsi_event_generator.param.severity = 2
action.itsi_event_generator.param.drilldown_search_title = Raw search of seeing $result.host$ events
action.itsi_event_generator.param.drilldown_search_search= index=_internal host="$result.host$"
action.itsi_event_generator.param.drilldown_search_latest_offset = 30
action.itsi_event_generator.param.drilldown_search_earliest_offset = -30
action.itsi_event_generator.param.drilldown_title = Go to deep dive "$result.sourcetype$"
action.itsi_event_generator.param.drilldown_uri = "/en-US/app/itsi/search/"
[Test ITSI Notable Event Search]
cron_schedule = */5 * * * *
disabled = False
dispatch.earliest_time = -5m
dispatch.latest_time = now
enableSched = True
search = index=_internal | head 4
alert.digest_mode = 0
action.itsi_event_generator = 1
action.itsi_event_generator.param.title = "Host $result.host$ is down"
action.itsi_event_generator.param.description = Test if host $result.host$ is down or not
action.itsi_event_generator.param.owner = admin
action.itsi_event_generator.param.status = 1
action.itsi_event_generator.param.severity = 2
action.itsi_event_generator.param.drilldown_search_title = Raw search of seeing $result.host$ events
action.itsi_event_generator.param.drilldown_search_search= index=_internal host=$result.host$
action.itsi_event_generator.param.drilldown_search_latest_offset = 30
action.itsi_event_generator.param.drilldown_search_earliest_offset = -30
action.itsi_event_generator.param.drilldown_title = Go to deep dive "$result.sourcetype$"
action.itsi_event_generator.param.drilldown_uri = "/en-US/app/itsi/search/"
Reference in new issue View Git Blame Copy Permalink